Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: Safari 7-day storage limit, ideas for improvement
3 points by phillipseamore on Feb 20, 2022 | hide | past | favorite | 6 comments
Following some of the discussion on "Safari now supports File System Access API with private origin" (https://news.ycombinator.com/item?id=30394737) and that it's limited just like all other storage in Safari to a maximum of 7 days without a repeat visit, I started wondering what could be a better design for evacuating storage.

The limited time for storage was announced by Apple as a privacy measure to combat tracking. But that falls apart rather quickly if a site that a users opens and closes a second later gets the same time limit as a site that the user actively engages with.

So I'm thinking this might be better handled with something like the Media Engagement Index for media autoplay policy (perhaps only Chrome implemented that index).

Here's an example that would only apply to first-party storage:

- User does not interact with website (scrolling, playing media and clicking external links would not count as interacting)

  No storage allowed and it's cleared shortly after the user leaves the site.
- User interacts with website

  Storage allowed and cleared in 45 days without a repeat visit
- User spends more than 5 minutes on site (perhaps within 24 hours)

  Storage extends to 90 days without a repeat visit
- User input into form fields or adds files

  Storage extends to 180 days without a repeat visit
Each repeat visit would extend according to the rules above or at least 30 days if no interaction. The score could also be used to set the storage quota for the site.

I do know that the current time limit only applies to storage APIs including cookies accessible via scripting (HTTP only cookies are not limited) but my interest is in sites that can store everything on the client side without any user data (including cookies) going back to the server.

This could even open up the possibility for Safari to sync data for sites that get the highest engagement scores (180 days), which would be a great feature since no storage is synced today (in any browser I know of).

Is this something worth trying to get implemented (and perhaps in other browsers as well)?



Suggestions to improve the 7-day storage limit won't be welcomed by Apple. The privacy argument is just a cover story, not their real reason for doing it. They make Safari painful to develop Web apps for on purpose, so that you'll want to write a native app instead (and thus give them full control over it and 30% of the revenue from it).


Yeah I often feel that's the case.


It seems quite good at 7 days, all you got to do is revisit to elongate the period. I don't really want trash on my laptop from all sorts of website for ever.

I understand the point of view you're looking at but its great for once in a very long time the browser favoured the user vs the developer.

The solution you're proposing isn't very helpful since it introduces variability. If you can have 1 user with a 7 day window and one with a 90 day window it makes it impossible to offer a consistent product (other than one that encourages you to stay on a website for longer). If you're making an app and have to have 2 different time periods for how long data can live, then you have to tell the customer about that it's just a nightmare.


I'd argue that it does not, at least from a privacy perspective. Sites that could be completely client-side but are used less than once a week now need to keep user data and authenticate users. Another solution to that would be to allow asking for longer storage after some engagement.

My OP points should actually seriously reduce trash and enhance privacy since not every single site you visit can use your storage for 7 days, only those you actually engage with.

The variability is directly tied to the importance of the users data in storage. A user clicks on a "Read later" button that would imply the 45 day rule (or 90 if he spends more time), if a user adds a file or enters text it's the 180 day rule.

I have yet to encounter a site that alerts me to come back with in 7 days, they all just save the data server-side, which I don't feel is privacy friendly.


What about PWA added to the Home Screen? I read they aren’t subject to storage time limits.


They are excluded from the limit (WebViews within apps probably also). But getting a user to install a PWA on Apple devices is difficult. Besides, if it's something used occasionally a user shouldn't have to add a site to the home screen.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: